#!/bin/bash
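set -euxo pipefail

# Every step below edits system files or services, so the script must already
# be running as root. The former `sudo -s` only started a separate root shell;
# it never raised the privileges of the commands that followed it.
if (( EUID != 0 )); then
  echo "this script must be run as root" >&2
  exit 1
fi

# NOTE(review): this block turns on password-based root login over SSH with a
# password that is stored in the script. That is only reasonable on disposable
# lab machines. Supply ROOT_PASSWORD from the environment to override the
# built-in default, and prefer key-based login (PermitRootLogin
# prohibit-password) wherever the host is reachable by others.
#
# xtrace is paused around the credential so that `set -x` does not copy the
# password into provisioning logs.
set +x
printf 'root:%s\n' "${ROOT_PASSWORD:-youling}" | chpasswd
set -x

sshd_config=/etc/ssh/sshd_config
for directive in PermitRootLogin StrictModes PasswordAuthentication; do
  # sshd keeps the first value it reads for a keyword, so any other active
  # line for this keyword is commented out; a line that already holds the
  # wanted value is left alone so re-runs do not stack '#' or duplicates.
  sed -i -E "/^${directive} yes\$/! s/^[[:space:]]*${directive}[[:space:]]/#&/" "$sshd_config"
  if ! grep -qx -- "${directive} yes" "$sshd_config"; then
    printf '%s yes\n' "$directive" >> "$sshd_config"
  fi
done

# Validate the edited configuration before restarting, so that a syntax error
# aborts here instead of leaving the host without a working SSH daemon.
if command -v sshd >/dev/null 2>&1; then
  sshd -t
fi
systemctl restart sshd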


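export DEBIAN_FRONTEND=noninteractive
# sed -i s/repo.openeuler.org/mirrors.nju.edu.cn/g /etc/yum.repos.d/openEuler.repo
# traceroute

# Disable the ufw firewall.
# `systemctl stop` fails on a unit that does not exist, which would abort the
# whole script under `set -e`, so ufw is only touched when its unit is present.
# NOTE(review): with ufw stopped and disabled the host has no packet filter;
# the commented firewall-cmd lines below list the individual ports to open if
# a firewall is kept instead.
if systemctl cat ufw.service >/dev/null 2>&1; then
  systemctl stop ufw
  systemctl disable ufw
fi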
# firewalld enable -y

# firewall-cmd --zone=public --add-port=443/tcp --permanent

# firewall-cmd --zone=public --add-port=22/tcp --permanent
# firewall-cmd --zone=public --add-port=6443/tcp --permanent

# firewall-cmd --zone=public --add-port=9345/tcp --permanent
# firewall-cmd --zone=public --add-port=10250/tcp --permanent

# firewall-cmd --zone=public --add-port=2379/tcp --permanent
# firewall-cmd --zone=public --add-port=2380/tcp --permanent

# firewall-cmd --reload
# systemctl reload NetworkManager



# Query whether a port is open
  # firewall-cmd --query-port=9345/tcp

  # Open port 9345
  # firewall-cmd --add-port=9345/tcp --permanent
  # Open a range of ports
    # firewall-cmd --add-port=8000-9999/tcp --permanent
  # firewall-cmd --reload
  # Close a port
  # firewall-cmd  --permanent --remove-port=9345/tcp
    # Disable the firewall
# systemctl stop firewalld
# systemctl disable firewalld

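# Put SELinux into permissive mode (policy violations are logged but no longer
# blocked, which is effectively the same as disabling enforcement).
# setenforce exits non-zero when SELinux is disabled or not installed, and sed
# fails on a missing config file; either would abort the script under
# `set -e`, so both steps are guarded.
if command -v getenforce >/dev/null 2>&1 && [[ "$(getenforce)" != "Disabled" ]]; then
  sudo setenforce 0
fi
if [[ -f /etc/selinux/config ]]; then
  # Persist the mode across reboots.
  sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
fi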

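# Turn swap off for the running system and keep it off after a reboot.
swapoff -a
# Comment out only active fstab entries whose type field is "swap". Lines that
# are already commented are skipped, so running the script again does not
# stack further '#' characters, and unrelated lines that merely mention the
# word are left untouched.
sed -ri '/^[[:space:]]*#/! s/^.*[[:space:]]swap[[:space:]].*$/#&/' /etc/fstab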

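# Let iptables inspect bridged traffic and enable IPv4 forwarding.
#
# The net.bridge.* keys only exist while br_netfilter is loaded, so the module
# is loaded first and also registered for loading at boot.
modprobe br_netfilter
echo br_netfilter | sudo tee /etc/modules-load.d/br_netfilter.conf

# The settings are written to a drop-in file instead of overwriting
# /etc/sysctl.conf, so kernel parameters already configured on the host
# (including any hardening defaults) are preserved.
sudo tee /etc/sysctl.d/99-bridge-forwarding.conf <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
EOF

# Reload every sysctl configuration file, including the drop-in above.
sysctl --system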

# Bring the installed packages up to date; only when that succeeds, add the
# vim editor and the net-tools utilities.
yum update -y \
  && yum install -y vim net-tools




